gs-navigate-pages
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted content from external Google Scholar search results, including paper titles, snippets, and metadata, which are returned to the agent without sanitization.
  - Ingestion points: Data is extracted from the DOM of the target page using `document.querySelectorAll` within the browser environment.
  - Boundary markers: No delimiters or explicit instructions are provided to the agent to treat the extracted content as untrusted data rather than instructions.
  - Capability inventory: The skill can navigate to arbitrary URLs and execute JavaScript in the browser via the `mcp__chrome-devtools` tools.
  - Sanitization: Extracted text is trimmed but not escaped or filtered for malicious content before being reported.
- [COMMAND_EXECUTION]: Dynamic Script Generation. The skill performs simple runtime script assembly by substituting calculated pagination variables (`NEW_START`, `NEW_PAGE`) into a predefined JavaScript template for execution via `evaluate_script`.
Audit Metadata